CVE-2025-55179 MEDIUM

CVE-2025-55179

Vendor Facebook
Product WhatsApp Business for iOS
Published November 18, 2025
Last update November 18, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

What the vulnerability does

01Description

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.

Key dates

02Disclosure timeline

November 18, 2025 CVE published
November 18, 2025 Record updated